Hello, David.
David said:
> Hello,
> I have an app that is going to be run behind apache using mod_wsgi.
> In addition i have apache running http auth(via LDAP) and I can verify that
> request.environ.get('REMOTE_USER') is being set.
> Now I need to figure out how to get TG2 to set the identity.
> I wrote an Identifier, as explained at
> http://static.repoze.org/whodocs/narr.html#writing-an-identifier-plugin
> class MyIdentifier(object):
> def identify(self, environ):
> login = request.environ.get('REMOTE_USER').lower()
> if login:
> u = model.Users.select_by(login=login).one()
> #set tg2 env ??
> else:
> raise Exception('could not find the correct user for %s'%login)
> def remember(self, envrion, identity):
> pass
> def forget(self, envrion, identity):
> pass
Identifiers do not authenticate; that's what authenticators do and there's an
SQLAlchemy authenticator which is used by default in TG2:
http://code.gustavonarea.net/repoze.who.plugins.sa/
However, in the snippet above you don't do anything with the "login" variable;
unless you meant to authenticate the user twice, which would be weird. If what
you actually want is to load the user's SQLAlchemy object into the request,
then you need a repoze.who SQLAlchemy metadata provider, and it's already
available:
http://code.gustavonarea.net/repoze.who.plugins.sa/
(Just in case, repoze.who plugins shouldn't raise exceptions (except in their
constructors) as they'll break the application, triggering the error
middleware.)
> My real question is how to "attach" this to TG2. I belive this lives
> somewhere in myapp.config.app_cfg, but I am not sure how that works.
> http://turbogears.org/2.0/docs/main/Auth/Authorization.html#how-turbogears-
>deals-with-repoze-what-internallyis a good resourse, but I just need this
> last little bit.
Here it is:
http://turbogears.org/2.0/docs/main/Auth/Customization.html#customizing-
authentication-settings
In other words, all the attributes of "app_cfg.sa_auth" will be passed as
keyword arguments to repoze.what.plugins.quickstart.setup_sql_auth():
http://code.gustavonarea.net/repoze.what-quickstart/
Finally, you should keep in mind that repoze.who won't work while you have
Apache doing authentication. If you want to use any of its plugins, you have
to let repoze.who handle authn. You may want to see this:
http://code.gustavonarea.net/repoze.who.plugins.ldap/
Good luck!
--
Gustavo Narea <xri://=Gustavo>.
| Tech blog: =Gustavo/(+blog)/tech ~ About me: =Gustavo/about |
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---
